<?php
session_start();
ob_start();

require_once 'conn.php';
$cuser = $_POST['username'];
$saltpw = md5($_POST['password']);

$query = sprintf ( "SELECT username,salt,password FROM members WHERE username=%s ", GetSQLValueString ( $_POST ['username'], "text" ) );
$result = mysql_query ( $query );
$showresult = mysql_fetch_assoc($result);

if ($showresult==null){
	header('Location: ../message.php?msg=error');
};
//$rowresult = mysql_num_rows($result);//返回结果行数
//echo $rowresult;

$pw = $saltpw.$showresult['salt'];
$password = md5($pw);
if ($password==$showresult['password']){
	$_SESSION['MM_Username']= $_POST['username'];
	$_SESSION['MM_Password']= $pw;
	header('Location: ../message-loginsuccess.htm');
	
}else{
	header('Location: ../message-error.htm');
};
//$line = mysql_fetch_array ( $result );
//foreach ( $line as $col_value )
//	echo $col_value;
//echo mysql_num_rows ( $result );
//$test = base64_encode($col_value);
//$test = base64_decode($test);

?>